New! Restrict WordPress Login to Email Address or Username Only with iThemes Security

By default, WordPress allows users to log in using either an email address or username. The latest version of iThemes Security adds a new setting to allow you to restrict WordPress logins to only accept email addresses or usernames.

To take advantage of this update, you’ll need to update to iThemes Security Free (6.6.0) or iThemes Security Pro (v. 4.5.0). Current iThemes Security Pro, Plugin Suite and Toolkit customers will find the 4.5.0 update available for licensed sites or as a manual download from the iThemes Member Panel. Save time & update iThemes Security on all your sites at once from the iThemes Sync dashboard.

The iThemes Security plugin adds a new setting in WordPress Tweaks with three options for restricting WordPress logins:

Email Address and Username (Default) – Allow users to log in using their user’s email address or username. This is the default WordPress behavior.

Email Address Only – Users can only log in using their user’s email address. This disables logging in using a username.

Username Only – Users can only log in using their user’s username. This disables logging in using an email address.

Once you’ve updated to iThemes Security 6.6 or iThemes Security Pro 4.5, you’ll find the new setting in WordPress Tweaks from the iThemes Security > Settings page in your WordPress dashboard. You’ll see the Login with Email Address or Username section at the bottom of the screen.

You can then select from the drop-down your preferred setting: Email Address and Username (Default), Email Address Only or Username Only.